Yahoo hack: is your account still at risk?

The US authorities have charged four men – including two Russian spies – over the 2014 hack.

15 March, 2017 18:32

Members of the Russian security services are among four people charged in connection with 2014’s massive hack of Yahoo, the US Justice Department has said.

The cyber attack affected approximately 500 million user accounts and saw the personal data of some users stolen.

Yahoo had previously said it believed the attack had been the work of “state-sponsored” hackers and said it was “committed to keeping our users and our platforms secure and will continue to engage with law enforcement to combat cybercrime”.

Here’s everything you need to know if you’re a Yahoo user.

What data was affected by the attack?

(Dominic Lipinski/PA)

Yahoo was criticised for the delay in telling users about the 2014 attack – it was only revealed last year.

The firm revealed in September that personal information that may have been stolen included names, email addresses, telephone numbers, security questions and answers and encrypted passwords.

Yahoo also said no financial details, such as credit card data, had been accessed.

Are Yahoo accounts still at risk?

The firm advised users to change their passwords in order to secure their accounts following its announcement and also said it would contact affected users.

The company has also encouraged others to begin using its Account Key system, which requires permission from the account holder any time someone attempts to log in.

However, account holders who have so far taken no action are likely to still be at risk.

Were UK users affected?

Figures from the Information Commissioner’s Office suggest that eight million UK users were affected by the 2014 attack, including users of Sky and BT email services which run on Yahoo.

How can users protect affected accounts?

Yahoo has already encouraged users to change their passwords and security questions, as well as begin to use its Account Key system, which removes the need to enter a password and instead asks users via a notification to their mobile device to authenticate a log-in each time they want to access their accounts.

The tech firm has also encouraged users to avoid clicking or downloading links from any suspicious email addresses and to be cautious of unsolicited communications that ask for personal information.